DoublePulsar Backdoor
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Affected platforms
The following platforms are known to be affected:
Threat details
DoublePulsar is a backdoor tool that is pushed to a target machine with the ability to inject and run malicious code on the machine. This gives an actor the opportunity to further the attack by pushing any malicious code of their choosing, resulting in a complete compromise. The attack is extremely stealthy with system operators unlikely to notice the intrusion unless a mistake is made by the attackers. Therefore, many compromised systems are likely to remain infected for some time before the intrusion is discovered.
Threat updates
| Date | Update |
|---|---|
| 28 Jun 2018 |
DoublePulsar has now been updated to work on Windows IoT (formerly Windows Embedded) operating system. This now exposes devices such as point-of-sale (PoS), ATM and Internet-of-Things (IoT) devices to DoublePulsar. |
Remediation steps
| Type | Step |
|---|---|
|
The vulnerability exploited by DoublePulsar has been removed in Microsoft Security Bulletin MS17-010. Users should apply this patch immediately if they have not already done so. |
Last edited: 17 February 2020 11:30 am